Would be nice that the developers record their name somewhere in the ISO. Passengers don't know where to post, to feed back for bugs but not only,
it can be for congratulations :
Linux people generally test how it is done, passengers from Windows test what applications the Puppy provides free of charge, for their leasure, and pleasure._________________Passenger Pelo ! don't ask him to repair the aircraft. Don't use him as a demining dog .... pleeease.

After some testing, the 2018 version of Slacko5.7 is available. Its all the same as 01micko's original with security updates, a migration to OpenSSL 1.0.2k (supported), and FireFox 27.0.1 that has been configured towards security/privacy. Printing problems are solved by using a recent BASH 4.1.17 update provided by Uncle Slacky. The "eeePC" version is deprocated. Please see Post #1 on Page #1.

It figures as soon as the new general updates get U/L for use that two security updates from Uncle Slack are released.

The first one (was) is libxml2 (9/23/17). This does not have a CVE entry, but was discovered internally by Slackware. A symlink is needed after removing the older version. The DOC files can be removed and the .packages file in root can be moved to builtin_files with removal of the most recent version.
----------------------------------------------------
The second is curl7.56 This one has CVE entries and the write up suggests that this one be done.

"Due to a flaw in the string parser for the directory name, a directory name passed without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path."

As with the first update a symlink is needed, and the .packages file moved. Folks that are directly using CURL might want to keep the DOC files.

This is a non-PAE spin based on a non-PAE distro, however Arching is invoked.

PAE is simply the NX execution bit on the physical CPU die (read/access 4Gb or more RAM-memory).

32-bit is 32-bit.
64-bit is PAE only as far as I am aware, and is 64 bit (x86-64 AMD or i-64 Intel).

Arching allows 64-bit to read/execute 32-bit instructions, and allows 32-bit to read/access up to 4Gb RAM memory (what we call nonPAE is a WINDOWS requirement that limits access to about 3.5Gb RAM)

32-bit cannot read/execute 64-bit instruction.

Arching is a kernel function that is allowed in this spin and 01micko's original

The full title of this distro is Pupply Slacko5.7.i-686-4GnonPAE if I recall correctly. The full tiitle implies arching, so that 32-bit nonPAE can read/acess up to the full 4Gb RAM permitted by 32-bit architecture.

So its 32-bit version regardless of PAE/nonPAE due to Arching IF the CPU is 32-bit.
And if your CPU is 64-bit its PAE, but needs the 64-bit version of the update..

The August 2017 version of the FF27 thats installed has a bug/typo in about:config and its an important one...

Change the "4" value in security.tls.version.max to a "3" w/o quotes. It appears that the 4 value DOES NOT imply TLS1.3, but rather recycles to a ZERO setting allowing TLS 1.0 (not secure). And it appears in Edit --> Preferences I left the popup blocker on... thats a nuissance here, and elsewhere when internally re-directing to another page.

A very important update for wi-fi users... Slackware has published the wpa_supplicant update to mitigate "KRACK" vunerabilities. Its about as mandatory as possible, since this is a global failure of wpa_supplicant.

Note that MENU --> Setup --> Updates from Slackware MUST show version 2.6

If it does not, goto MENU --> System --> Puppy Package Manager and click on the crossed wrench

Slackware has made available an openssl patch from 1.0.2k --> 1.0.2m today. Thiss update proceeds differently than all others due to the 1.0.2 version.

Go to slackware.com --> Security Advisories --> 2017

At or near top of list is the "openssl" update link, click on that.

There are TWO files to D/L, first is the "solibs". It may be underneath the main file.

Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay

When done go back to previous tab and repeat these steps for the "openssl" itself.

When done with both D/L's close the browser and disconnect from internet.

There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in and delete the 1.0.2K files.

At this point, a shutdown and reboot can be done, then connect to internet again.

Regards
8Geee_________________Linux user #498913

Some people need to reimagine their thinking.Last edited by 8Geee on Wed 29 Nov 2017, 21:08; edited 1 time in total

Curl 7.57 is newest curl patch available. This fixes improper wildcard use, and SSL reads 'out of bounds'. No symlinks are needed, and the package text file can be moved to built_in folder. DOC files may be discarded, though users of curl-ftp should review them.

LibXcursor has not been updated in slacko5.7 since inception. At this time there is need to correct improper sizing of requests for 32-bit systems. Again, no need for symlinks, and DOC files can be reviewed/tossed. Move the /~.package file to built_in.

EDIT*** libXfont did not appear in the Slackware update in MENU... yet libXfont does exist. Go to Slackware.com --> Security Advisories --> 2017. It is near the top. See the "openssl 1.0.2m" update posting just above for parallel instructions to install.

Theres a new update to Openssl from 1.0.2m --> n.
The proceedure for install:

Go to slackware.com --> Security Advisories --> 2017

At or near top of list is the "openssl" update link, click on that.

There are TWO files to D/L, first is the "solibs". It may be underneath the main file.

Highlight with Double-click then right click to COPY
Open a new tab and PASTE the link, then ENTER
Select open with pupzip, and click YES in yellow dialog box.
Puppy Package Manager will install, click yes upon TWO dialog boxes. NOTE there may be a long-ish delay

When done go back to previous tab and repeat these steps for the "openssl" itself.

When done with both D/L's close the browser and disconnect from internet.

There are no symlinks to perform, or unusual things to do. The /usr/doc files may be deleted, and the /tmp zip-files.
In /root move the .packages files ( use <o> button to show the hidden packages file) to built-in.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum